System and Method for Operating End-to-End Security Channel Between Server and IC Card

ABSTRACT

The present invention relates to a system and method for operating an end-to-end security channel between an IC card and a server on a communication network. A method for connecting an end-to-end security channel between an IC card and a server on a communication network includes the steps of: generating, by the server, a random number Rs for transmission to the IC card, generating an E(Rs) by encrypting the random number Rs by a user public key, and transmitting the E(Rs) to the IC card through the communication network; receiving, by the IC card, the E(Rs) through the communication network and extracting the random number Rs by decrypting the E(Rs) by a user private key; generating, by the IC card, a random number Rc to be transmitted to the server, generating a session key K′ by the random number Rs and the random number Rc, and generating a first card verifier MAC by encrypting the random number Rs by the session key K′; transmitting, by the IC card, the random number Rc and the first card verifier MAC to the server through the communication network; receiving, by the server, the random number Rc and the first card verifier MAC through the communication network, generating a session key K by the random number Rs and the random number Rc, and generating a first server verifier MAC by encrypting the random number Rs by the session key K; and comparing, by the server, the first card verifier MAC and the first server verifier MAC to certify the session key K.

TECHNICAL FIELD

The present invention relates to a system and method for operating anend-to-end security channel between an IC card and a server on acommunication network.

BACKGROUND ART

The advancement of information communication technology and modernsociety provides a variety of financial transaction services through avariety of non-face-to-face channels such as Internet banking.

In the case of a conventional model using an authorized certificate, aterminal such as a computer is used to establish a security channel inconnection with a financial company server (or certificate companyserver). However, the computer is always exposed to a hacking dangerbecause it provides a variety of Internet services as well as financialtransaction services.

In order to solve this problem, security programs are installed toenhance the security. This method still has a problem that many hackersuse the advanced information communication technology to disable thesecurity programs to hack the financial transaction services.

DISCLOSURE OF INVENTION Technical Problem

Therefore, an object of the present invention is to provide a system andmethod for operating an end-to-end security channel between an IC cardand a server on a communication network, which can provide a powerfulsecurity function by eliminating a hacking danger possibility betweenthe IC card and the server in advance.

Technical Solution

A method for connecting an end-to-end security channel between an ICcard and a server on a communication network according to some aspectsof the present invention may include the steps of: generating, by theserver, a random number Rs for transmission to the IC card, generatingan E(Rs) by encrypting the random number Rs by a user public key, andtransmitting the E(Rs) to the IC card through the communication network;receiving, by the IC card, the E(Rs) through the communication networkand extracting the random number Rs by decrypting the E(Rs) by a userprivate key; generating, by the IC card, a random number Rc to betransmitted to the server, generating a session key K′ by the randomnumber Rs and the random number Rc, and generating a first card verifierMAC′ by encrypting the random number Rs by the session key K′;transmitting, by the IC card, the random number Rc and the first cardverifier MAC′ to the server through the communication network;receiving, by the server, the random number Rc and the first cardverifier MAC′ through the communication network, generating a sessionkey K by the random number Rs and the random number Rc, and generating afirst server verifier MAC by encrypting the random number Rs by thesession key K; and comparing, by the server, the first card verifierMAC′ and the first server verifier MAC to certify the session key K.

A method for connecting an end-to-end security channel between an ICcard and a server on a communication network according to other aspectsof the present invention may include the steps of: generating, by theserver, a random number Rs for transmission to the IC card, generatingan E(Rs) by encrypting the random number Rs by a user public key, andtransmitting the E(Rs) to the IC card through the communication network;receiving, by the IC card, the E(Rs) through the communication networkand extracting the random number Rs by decrypting the E(Rs) by a userprivate key; generating, by the IC card, a random number Rc to betransmitted to the server, generating an E(Rc) by encrypting the randomnumber Rc by a server public key, generating a session key K′ by therandom number Rs and the random number Rc, and generating a first cardverifier MAC′ by encrypting the random number Rs by the session key K′;transmitting, by the IC card, the E(Rc) and the first card verifier MAC′to the server through the communication network; receiving, by theserver, the E(Rc) and the first card verifier MAC′ through thecommunication network, extracting the random number Rc by decrypting thereceived E(Rc) by a server private key, generating a session key K bythe random number Rs and the random number Rc, and generating a firstserver verifier MAC by encrypting the random number Rs by the sessionkey K; and comparing, by the server, the first card verifier MAC′ andthe first server verifier MAC to certify the session key K.

Also, the methods may further include the steps of: encrypting, by theserver, the random number Rc by the session key K to generate a secondserver verifier MAC; transmitting, by the server, the second serververifier MAC to the IC card through the communication network;receiving, by the IC card, the second server verifier MAC and encryptingthe random number Rc by the session key K′ to generate a second cardverifier MAC′; comparing, by the IC card, the second card verifier MAC′and the second server verifier MAC to certify the session key K′; and ifthe session key K′ is certified, processing that an end-to-end securitychannel is connected between the IC card and the server. Also, themethods may further include the steps of: generating, by the IC card,Data′ to be transmitted to the server through the communication network;encrypting, by the IC card, the generated Data′ by the session key K′ togenerate E(Data′); and transmitting, by the IC card, the generatedE(Data′) to the server through the communication network. Also, themethods may further include the steps of: receiving, by the server, theE(Data′) from the IC card through the communication network; anddecrypting, by the server, the received E(Data′) by the session key K toextract the Data′. Also, the methods may further include the steps of:if there is Data to be transmitted to the IC card, encrypting, by theserver, the Data by the session key K to generate E(Data); andtransmitting, by the server, the generated E(Data) to the IC cardthrough the communication network, and may further include the steps of:receiving, by the IC card, the E(Data) through the communicationnetwork; and decrypting, by the IC card, the received E(Data) by thesession key K′ to extract the Data.

A system for connecting an end-to-end security channel between an ICcard and a server on a communication network according to furtheraspects of the present invention may include: a server for generating arandom number Rs for transmission to the IC card, generating an E(Rs) byencrypting the random number Rs by a user public key, and transmittingthe E(Rs) to the IC card through the communication network; and an ICcard for receiving the E(Rs) through the communication network,extracting the random number Rs by decrypting the E(Rs) by a userprivate key, generating a random number Rc to be transmitted to theserver, generating a session key K′=Rs∥Rc by the random number Rs andthe random number Rc, generating a first card verifier MAC′ byencrypting the random number Rs by the generated session key K′, andtransmitting the random number Rc and the first card verifier MAC′ tothe server through the communication network. Herein, the server mayreceive the random number Rc and the first card verifier MAC′ throughthe communication network, generate a session key K=Rs∥Rc by the randomnumber Rc and the first card verifier MAC′, generate a first cardverifier MAC by encrypting the random number Rs by the session key K,compare the first card verifier MAC′ and the first card verifier MAC tocertify the session key K, generate, if the session key K′ is certified,a second server verifier MAC by encrypting the random number Rc by thesession key K, and transmit the generated second server verifier MAC tothe IC card through the communication network.

A system for connecting an end-to-end security channel between an ICcard and a server on a communication network according to still furtheraspects of the present invention may include: a server for generating arandom number Rs for transmission to the IC card, generating an E(Rs) byencrypting the random number Rs by a user public key, and transmittingthe E(Rs) to the IC card through the communication network; and an ICcard for receiving the E(Rs) through the communication network,extracting the random number Rs by decrypting the E(Rs) by a userprivate key, generating a random number Rc to be transmitted to theserver, generating an E(Rc) by encrypting the random number Rs by aserver public key, generating a session key K′=Rs∥Rc by the randomnumber Rs and the random number Rc, generating a first card verifierMAC′ by encrypting the random number Rs by the generated session key K′,and transmitting the E(Rc) and the first card verifier MAC′ to theserver through the communication network. Herein, the server may receivethe E(Rc) and the first card verifier MAC′ through the communicationnetwork, extract the random number Rc by decrypting the E(Rc) by a userpublic key, generates a session key K=Rs∥Rc b by the random number Rsand the random number Rc, generate a first card verifier MAC byencrypting the random number Rs by the session key K′, compare the firstcard verifier MAC′ and the first card verifier MAC to certify thesession key K′, generate, if the session key K′ is certified, a secondserver verifier MAC by encrypting the random number Rc by the sessionkey K, and transmit the generated second server verifier MAC to the ICcard through the communication network.

Also, the systems may further include: a terminal having an IC cardreader capable of reading the IC card and providing a communication nodebetween the IC card and the server. Also, the IC card may receive thesecond server verifier MAC, generate a second server verifier MAC′ byencrypting the random number Rc by the session key k′, compare thesecond server verifier MAC′ and the second server verifier MAC tocertify the session key K, and if the session key K is certified,process that an end-to-end security channel is connected with theserver.

ADVANTAGEOUS EFFECTS

The present invention loads an authorized certificate, which is exposedto a hacking danger, into an IC card, thereby making it possible toprevent the danger of the authorized certificate being hacked. Also, thepresent invention provides a security in an end-to-end (i.e., a serverand an IC card) communication channel, as well as a conventional methodof connecting a communication channel between a server and a terminalthrough a communication network, thereby making it possible to provide amore powerful security function. Also, the present invention encrypts asession key to be transmitted by using a server public key provided in acard, thereby making it possible to protect data for generation of thesession key that may leak during transmission from the card to theserver.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a schematic block diagram of a card issuing system forconnection of an end-to-end security channel with a financial systemaccording to an embodiment of the present invention.

FIG. 2 is a schematic block diagram of an IC card for connection of anend-to-end channel with a financial system on a communication networkaccording to an embodiment of the present invention.

FIG. 3 is a flow diagram illustrating a card issuing process forconnection of an end-to-end channel with a financial system according toan embodiment of the present invention.

FIG. 4 is a flow diagram illustrating a card issuing process forconnection of an end-to-end channel with a financial system according toanother embodiment of the present invention.

FIG. 5 is a schematic block diagram of a banking system for operation ofan end-to-end security channel between an IC card and a server on acommunication network according to an embodiment of the presentinvention.

FIG. 6 is a flow diagram illustrating an operation of a banking systemfor operation of an end-to-end security channel between an IC card and aserver on a communication network according to an embodiment of thepresent invention.

FIG. 7 is a flow diagram illustrating an operation of a banking systemfor operation of an end-to-end security channel between an IC card and aserver on a communication network according to another embodiment of thepresent invention.

BEST MODE FOR CARRYING OUT THE INVENTION

Hereinafter, specific embodiments will be described in detail withreference to the accompanying drawings. The terms used herein aredefined according to the functions of the present invention and may varydepending on the intentions of those skilled in the art. Thus, thedefinition of the terms must be understood based on the overalldescriptions made herein.

FIG. 1 is a schematic block diagram of a card issuing system forconnection of an end-to-end security channel with a financial systemaccording to an embodiment of the present invention. That is, FIG. 1illustrates a system in which, when a client provides Integrated Circuit(IC) card issue application information for connection of an end-to-endsecurity channel with a financial system to the financial system througha card issuing interface, the financial system issues an IC card to theclient on the basis of the IC card issue application information. Thepresent invention is not limited thereto and includes variousmodifications and additions that can be made by those of ordinary skillin the art. For example, the present invention may include, as well asthe above card issuing system, a card issuing system structure forconnection of an end-to-end security channel with a server on acommunication network. Also, the issued IC card in FIG. 1 may not haveinformation for financial transaction. Hereinafter, for the sake ofconvenience, a component corresponding to at least one means, whichissues the IC card to the client on the basis of the IC card issueapplication information through the card issuing interface in the cardissuing system of FIG. 1, will be referred to as a card issuing server100.

Referring to FIG. 1, the card issuing system for connection of anend-to-end security channel with the financial system includes a staffterminal used by a card issuing staff in at least one card issuinginstitution (or financial institution), and also includes a clientterminal including a wired terminal and/or a wireless terminal used bythe client if the card issuing system supports non-face-to-face cardissue application. The staff terminal and/or the client terminalhave/has a communication channel connected through a network means tothe card issuing server 100 on the financial system.

In an embodiment of the present invention, when the client visits thecard issuing institution (or financial institution) for connection of anend-to-end security channel with the financial system, writes a cardissue application form for connection of an end-to-end security channelwith the financial system (e.g., a document with a form for writing inat least one information field for connection of an end-to-end securitychannel with the financial system) through a window (or the card issuingstaff) provided in the card issuing institution (or financialinstitution) (or the card issuing staff visits the client so that theclient writes a card issue application form for connection of anend-to-end security channel with the financial system), and presents thewritten card issue application form to the card issuing staff, the cardissuing staff inputs (or selects) information, which is written in thecard issue application form, through the staff terminal, and the staffterminal transmits the input (or selected) information through thenetwork means to the card issuing server 100 on the financial system.Herein, it is preferable that the staff terminal includes a staffterminal that is used by the card issuing staff in the card issuinginstitution (or financial institution). Also, it is preferable that thecard issuing server 100 connected to the staff terminal includes aserver provided on the card issuing institution (or financialinstitution or a card issue affiliate institution affiliated with thecard issuing institution). The network means connecting the staffterminal and the card issuing server 100 includes a communicationnetwork that connects a communication channel therebetween. Also, incard issuing system, the card issue application form written by theclient, the staff terminal used by the card issuing staff, and thefinancial network connecting the staff terminal and the card issuingserver 100 serve as a card issuing interface that is used by the clientto register IC card issue application information for connection of anend-to-end security channel with the financial system.

In another embodiment of the present invention, if the card issuingsystem supports non-face-to-face card issue application, when the clientconnects to the card issuing server 100 through at least one clientterminal among a wired terminal connected to a wired communicationnetwork and/or a wireless terminal connected to a wireless communicationnetwork, and inputs (or selects) IC card issue application informationfor connection of an end-to-end security channel with the financialsystem through at least one user interface provided by the card issuingserver 100, the client terminal transmits the IC card issue applicationinformation through the network means to the card issuing server 100 onthe financial system. Herein, the wired terminal connected to the wiredcommunication network is a general term for all terminals connected to aTransmission Control Protocol/Internet Protocol (TCP/IP) basedcommunication network, and it is preferable that the wired terminalincludes at least one or more of a desktop computer or a notebookcomputer connected to the TCP/IP based communication network, or ahousehold terminal (i.e., a set-top-box, etc.) connected to the TCP/IPbased communication network, and a KIOSK connected to the TCP/IP basedcommunication network. Also, the wireless terminal connected to thewireless communication network is a general term for all terminalsconnected to a Code Division Multiple Access (CDMA) based mobilecommunication network, all terminals connected to a High Speed DownlinkPacket Access (HSDPA) based wireless communication network, or allterminals connected to IEEE 802.16x based portable Internet, or allterminals connected to a wireless data communication network using aDataTAC scheme of Motorola or a Mobitex scheme of Erricson, and it ispreferable that the wireless terminal includes at least one or more of aPersonal Communication System (PCS) or Global System for Mobilecommunications (GSM) or Personal Digital Cellular (PDC) or PersonalHandyphone System (PHS) terminal or Personal Digital Assistant (PDA) orSmart Phone or Telematics connected to the CDMA based mobilecommunication network, or a wireless communication terminal connected tothe HSDPA based wireless communication network, or a portable Internetterminal connected to the IEEE 802.16x based portable Internet, or awireless data communication terminal connected to the DataTAC/Mobitexbased wireless communication network. Also, the client terminal mayinclude a functional structure for outputting at least one userinterface provided by the card issuing server 100, inputting and/orselecting at least one information through the user interface, andtransmitting the same to the card issuing server 100 (e.g., a functionfor communication with a browser program, or a function forcommunication with a communication program communicating with the cardissuing server 100). Also, in the card issuing system, the clientterminal including at least one of the wired terminal and/or thewireless terminal used by the client and at least one wiredcommunication network and/or wireless communication network connectingthe client terminal and the card issuing server 100 serve as a cardissuing interface that is used by the client to register IC card issueapplication information for connection of an end-to-end security channelwith the financial system.

In further another embodiment of the present invention, if the cardissuing system supports non-face-to-face card issue application, a cardissue terminal 150 may further include, as well as the staff terminaland/or the client terminal, an automatic financial machine (not shown)including an Automatic Teller Machine (ATM) or a Cash Dispenser (CD)connected to a financial network (e.g., a financial common network), ora call terminal (not shown) connected to a wired telephone network suchas a Public Switched Telephone Network (PSTN) or a Voice over IP (VoIP)network, or a call terminal (not shown) connected to a wirelesstelephone network such as a mobile communication network or a wirelessVoIP network, or a terminal (or a server) (not shown) provided in atleast one institution affiliated with the card issuing institution (orfinancial institution), to which the present invention is not limited.If the card issue terminal 150 is the automatic financial machine, theautomatic financial machine and the financial network connecting theautomatic financial machine to the card issuing server 100 serve as acard issuing interface that is used by the client to register IC cardissue application information for connection of an end-to-end securitychannel with the financial system. If the card issue terminal 150 is thecall terminal, the call terminal and the wired telephone network orwireless telephone network connecting the call terminal to the cardissuing server 100 serve as a card issuing interface that is used by theclient to register IC card issue application information for connectionof an end-to-end security channel with the financial system. If the cardissue terminal 150 is the terminal (or server) provided in theinstitution affiliated with the card issuing institution (or financialinstitution), the terminal (or server) and the network connecting theterminal (or server) to the card issuing server 100 serve as a cardissuing interface that is used by the client to register IC card issueapplication information for connection of an end-to-end security channelwith the financial system.

When an IC card is issued to the client on the basis of the IC cardissue application information provided from the card issue terminal 150,a storage medium 140 stores IC card issue information according to theIC card issue. The IC card issue information stored in the storagemedium 140 is used on the financial system for connection of anend-to-end security channel with the financial system. According to anembodiment, the storage medium 140 is provided on the financial systemor in a DBMS on a financial system connected therewith. Herein, thestorage medium 140 may be a ledger D/B provided in the DBMS on thefinancial system, or a database connected with the ledger D/B, to whichthe present invention is not limited.

The card issuing server 100 is a general term for the components of thefinancial system connected through a network means to the card issueterminal 150. The card issuing server 100 may include at least oneserver (or device), or may be embodied in at least one program recordedin a recording medium provided in the server (or device), to which thepresent invention is not limited. Also, the card issuing server 100includes an interface unit 105 (or an interface means) for providing acard issuing interface to the card issue terminal 150 through thenetwork means.

According to an embodiment, if the card issue terminal 150 is a staffterminal connected to a financial network, the interface unit 105connects a communication channel with the staff terminal on the basis ofa protocol stack defined on the financial network, and provides acommunication interface for transmission/reception of at least oneinformation (or data) by using a communication protocol defined in acard issue application program provided in the staff terminal.

According to another embodiment, if the card issue terminal 150 is aclient terminal including a wired terminal connected to a wiredcommunication network, the interface unit 105 provides a communicationinterface for connecting a communication channel with the clientterminal on the basis of a protocol stack defined on the wiredcommunication network, and transmitting/receiving at least oneinformation (or data) by using a communication protocol defined in acommunication program provided in the client terminal. For example, if abrowser program corresponding to a Hyper-Text Transfer Protocol (HTTP)protocol is provided in the client terminal, the interface unit 105provides a communication interface for connecting a communicationchannel with the client terminal on the basis of the TCP/IP protocol,and transmitting/receiving a webpage (e.g., Hyper-Text Markup Language(HTML) compatible webpage) and/or information by using an HTTP protocoldefined in the browser program. If the card issue application programprovided from the card issuing server 100 is provided in the clientterminal, the interface unit 105 provides a communication interface forconnecting a communication channel with the client terminal on thebasis, and receiving information (or data) by using a communicationprotocol defined in the communication program.

According to still another embodiment of the present invention, if thecard issue terminal 150 is a client terminal including a wirelessterminal connected to a wireless communication network, the interfaceunit 105 provides a communication interface for connecting acommunication channel with the client terminal on the basis of aprotocol stack defined in the wireless communication network, andtransmitting/receiving at least one information (or data) by using acommunication protocol defined in a communication program provided inthe client terminal. For example, if a browser program corresponding toa Wireless Application Protocol (WAP) or a Mobile Explorer (ME) protocolis provided in the client terminal, the interface unit 105 provides acommunication interface for connecting a communication channel with theclient terminal on the basis of the CDMA protocol, andtransmitting/receiving a webpage (e.g., a Wireless Markup Language (WML)compatible webpage or an HTML compatible webpage) and/or information byusing a WAP/ME protocol defined in the browser program. If the cardissue application program provided from the card issuing server 100 isprovided in the client terminal, the interface unit 105 provides acommunication interface for connecting a communication channel with theclient terminal on the basis of the CDMA protocol, andtransmitting/receiving information (or data) by using a communicationprotocol defined in the communication program.

Also, as illustrated in FIG. 1, the card issuing server 100 furtherincludes an interface providing unit 110, an information receiving unit115, a validity certifying unit 120, an information generating unit 125(or an information generating means), an information storing unit 135,and a card issuing unit 130 for issuing an IC card including the IC cardstorage information through a card issuing device 145.

When the card issue terminal 150 connects to the card issuing server 100through the interface unit 105, the interface providing unit 110generates a user interface for inputting (or selecting) the IC cardissue application information in correspondence with the functionalstructure of the card issue terminal 150 and transmitting the same tothe card issuing server 100 through the network means, and/or extractsthe user interface from a database (not illustrated), and provides thegenerated (or extracted) user interface to the card issue terminal 150through the network means in connection with the interface unit 105.Then, the card issue terminal 150 inputs (or selects) the IC card issueapplication information on the basis of the user interface and transmitsthe input (or selected) IC card issue application information to thecard issuing server 100 through the network means. According to anembodiment, if the card issue terminal 150 is a staff terminal connectedto a financial network, the interface providing unit 110 generates (orextracts) a user interface providable to a card issue applicationprogram provided in the staff terminal and provides the generated (orextracted) user interface to the staff terminal through the interfaceunit 105. According to another embodiment, if the card issue terminal150 is a client terminal including a wired terminal connected to a wiredcommunication network, the interface providing unit 110 generates (orextracts) a user interface providable to a browser program and/or acommunication program provided in the client terminal and provides thegenerated (or extracted) user interface to the client terminal throughthe interface unit 105. According to still another embodiment, if thecard issue terminal 150 is a client terminal including a wirelessterminal connected to a wireless communication network, the interfaceproviding unit 110 generates (or extracts) a user interface providableto a browser program and/or a communication program provided in theclient terminal and provides the generated (or extracted) user interfaceto the client terminal through the interface unit 105.

Also, when the card issue terminal 150 inputs (selects) IC card issueapplication information through the user interface and transmits thesame through the network means, the information receiving unit 115receives the IC card issue application information in connection withthe interface unit 105 and provides the received IC card issueapplication information to the validity certifying unit 120 or theinformation generating unit 125. According to an embodiment, the IC cardissue application information includes at least one of clientinformation of the card issue client and IC card information forverifying that an IC card issued to the client is an IC card forconnection of an end-to-end security channel with the financial system.Herein, it is preferable that the client information includes at leastone of personal information of the card issue client (e.g., client name,resident registration number, address, wireless terminal information (ormobile phone number), and e-mail address) and member information of theclient registered in the card issuing server 100 (e.g., member IDinformation). Also, it is preferable that the IC card informationincludes at least one of authorized certificate information, servercertificate information, and user certificate information provided in anIC card for connection of an end-to-end security channel with thefinancial system, and the IC card information may further include usespecification information of the IC card.

Also, on the basis of the received IC card issue applicationinformation, the validity certifying unit 120 verifies the validity ofissuing the IC card to the client.

Also, on the basis of the IC card issue application information receivedthrough the information receiving unit 115, the information generatingunit 125 generates (or extracts) IC card storage information to beprovided in the IC card for the client. The IC card storage informationincludes at least one of a card number corresponding to the IC card(e.g., a 16-digit card number), effective term information (partiallyomittable), and card issuing institution information (or code). Forexample, the card number may include a 4-digit card issuing institutionnumber, a 2-digit card type number, a 9-digit serial number, and a checkdigit. Also, it is preferable that the effective term informationincludes the available term (or expiry date) of the IC card. Theeffective term information may be omitted if there is no effective termin the IC card. Also, it is preferable that the card issuing institutioninformation (or code) includes at least one unique number (or uniquecode) assigned to a card issuing institution (or financial company)issuing the IC card to the client.

Also, when IC card storage information of the IC card is generated bythe information generating unit 125, the card issuing unit 130 producesan IC card including the IC card storage information through the IC cardissuing device 145 (or loads the IC card storage information into the ICcard) and the IC card is provided (or sent) to the client. Herein, thecard issuing device 145 includes a device for recording the IC cardstorage information in a memory of an IC chip of the IC card. In thiscase, the information generating unit 125 generates (or extracts) the ICcard storage information in a file structure operatable through a ChipOperating System (COS) provided in the IC chip, and the card issuingunit 130 records the IC card storage information in the memory of the ICchip through the card issuing device 145, thereby issuing an IC card tothe client. Thus, the produced IC card is provided to the client and/orsent to the client according to a card providing procedure, so that theclient uses the IC card through the financial system according to thepresent invention.

The information storing unit 135 stores IC card issue information in thestorage medium 140, which includes at least one of client informationincluded in the IC card issue application information received from theclient through the information receiving unit 115, the generated IC cardstorage information, and at least one certificate information forconnection of an end-to-end security channel with the financial system(e.g., user certificate information or server certificate information).Herein, the client information in the IC card issue information includesat least one of personal information of the card issue client (e.g.,client name, resident registration number, address, wireless terminalinformation (or mobile phone number), and e-mail address) and memberinformation of the client registered in the card issuing server 100(e.g., member ID information). Also, for connection of an end-to-endsecurity channel between the IC card and the financial system, thecertificate information in the IC card issue information includes atleast one of user certificate information and server certificationinformation. Herein, it is preferable that the user certificateinformation includes public key information for encrypting a randomnumber Rs generated by the financial system for connection of anend-to-end security channel with the financial system, and it ispreferable that the server certificate information includes private keyinformation for decrypting the generated random number Rs aftergeneration of a random number Rc to be transmitted to the financialsystem for connection of an end-to-end security channel with thefinancial system. Also, certificate management information may befurther included to manage the certificate information including atleast one of the user certificate information and the server certificateinformation.

FIG. 2 is a schematic block diagram of an IC card for connection of anend-to-end channel with a financial system on a communication networkaccording to an embodiment of the present invention. That is, FIG. 2illustrates an IC card structure that includes user certificateinformation 215 and server certificate information 230, for connectionof an end-to-end security channel with the financial system on thecommunication network, in a memory on an IC chip of the IC card issuedthrough the card issuing system of FIG. 1. The present invention is notlimited thereto and includes various modifications and additions thatcan be made by those of ordinary skill in the art. For example, in thememory, only server certificate information 230 may be provided in theIC card for connection of an end-to-end security channel with thefinancial system on the communication network.

Referring to FIG. 2, the IC chip of the IC card includes: at least oneI/O interface 200 for inputting/outputting data; a memory unit 210 forstoring card information and card application codes; and a processorunit 205 for executing the application codes.

The IC chip of the IC includes an I/O interface 200 for connecting to acard terminal in a contact manner through a contact point, such as apower supply VCC, a reset signal RST, a clock signal CLK, a ground GND,a programming power supply VPP, and/or an input/output I/O, according tothe ISO/IEC 7816 standard and communicating with the financial system(e.g., command or data exchange) through the card terminal, or includesan I/O interface 200 for communicating with the financial system (e.g.,command or data exchange) through a card terminal in a noncontact mannerthrough two antenna connection contact points (not illustrated)according to the ISO/IEC 14443 standard. Also, the IC chip stores servercertificate information 230, which is provided by an certifying serverdistributing a server certificate, in a storage area of the memory unit210 on a block basis. Also, the IC chip includes a memory unit 210 forstoring server address information corresponding to the servercertificate.

Also, the processor unit 205 includes at least one or more operationalelements including a Central Process Unit (CPU), a Micro Process Unit(MPU), and a co-processor, and executes an application code stored inthe memory unit 210. Also, the processor unit 205 controls anapplication for detecting a memory address storing a server public keyincluded in the server certificate from a block stored in the memorystorage area, and extracting the server public key from the detectedmemory address.

Also, the memory unit 210 includes: nonvolatile memories including atleast one or more of a Read Only Memory (ROM), an Electrically Erasableand Programmable Read Only Memory (EEPROM), and a Flash Memory (FM); andat least one or more volatile memories (or execution memories) such asRandom Access Memories (RAMs). The memory unit 210 stores cardinformation and a card application code operating based on the cardinformation. Specifically, a memory (e.g., a ROM) of the memory unit 210stores a program code corresponding to a Chip Operating System (COS) formanaging and operating IC card internal resources. If a given power issupplied from the financial system through a card terminal through thepower supply (VCC) contact point of the I/O interface 200, a COS storedin the memory unit 210 is loaded into an execution memory to control anoverall operation of the IC chip and to control information/dataexchange between the financial system through the card terminal and theIC chip through an Application Protocol Data Unit (APDU) on the basis ofa clock frequency (e.g., 3.57 MHz or 4.9 MHz) of the clock signal (CLK)contact point.

Also, the memory unit 210 stores user certificate information 215 forconnection of an end-to-end security channel with the financial systemon the communication network. Like the card storage information, theuser certificate information 215 includes: a storage unit 225 storingprivate key information corresponding to the user certificateinformation 215; and a processing unit 220 corresponding to a cardapplication code provided in the IC chip corresponding to the usercertificate information 215. Herein, it is preferable that the privatekey information (i.e., user private key information) includesinformation for receiving and decrypting an E(Rs) transmitted byencrypting a random number Rs generated by the financial system on thecommunication network.

Also, the memory unit 210 stores server certificate information 230 forconnection of an end-to-end security channel with the financial systemon the communication network. Like the card storage information, theserver certificate information 230 includes: a storage unit 240 storingpublic key information corresponding to the server certificateinformation 230; and a processing unit 235 corresponding to a cardapplication code provided in the IC chip corresponding to the servercertificate information 230. Herein, it is preferable that the publickey information (i.e., server public key information) includesinformation for generating a random number Rc to be transmitted to thefinancial system and generating an E(Rc) by encrypting the random numberRc through the public key information.

Also, for connection of an end-to-end security channel with thefinancial system on the communication network, the memory unit 210includes: a generating unit 245 for generating a session key K′ througha random number Rc generated by the IC card and a random key Rsdecrypted after reception from the financial system; and a processingunit 250 for generating a card verifier MAC′ by encrypting the randomnumber Rs using the generated session key K′ and processing thegenerated card verifier MAC′ to be transmitted to the financial systemon the communication network, or generating an E(Rc) by encrypt therandom number Rc generated by the IC card through the server public keyand processing the generated E(Rc) to be transmitted to the financialsystem on the communication network, or receiving a server verifier MACfrom the financial system and generating/comparing the card verifierMAC′ by encrypting the random number Rc generated by the IC card throughthe session key K′ to certify the session key K′.

It is preferable that the processing unit 250 further includes afunction for processing of connection of an end-to-end security channelbetween the IC card and the financial system upon completion of thecertification of the session key K′. Also, it is preferable that theprocessing unit 250 further includes a function for generating Data′ tobe transmitted to the financial system through the security channel uponcompletion of the certification of the session key K′, generatingE(Data′) by encrypting the generated Data′ by the session key K′, andtransmitting the generated E(Data′) to the financial system through thesecurity channel. Depending on the intentions of those skilled in theart, the decrypted Data may be provided to a terminal with an IC cardreader (or a terminal connected to the terminal with the IC cardreader). Also, it is preferable that the processing unit 250 furtherincludes a function for receiving information input by the terminal withthe IC card reader (or information received according to an APDUprotocol) in connection with the I/O interface 200.

Also, according to an embodiment, the session key K′ is generated byclassifying the random number Rs obtained by decrypting the encryptedE(Rs) received from the financial system and the random number Rcgenerated by the IC card into high and low regions; Exclusive OR(XOR)-operating a high region Rs_H and a low region Rs_L of the randomnumber Rs and a high region Rc_H and a low region Rc_L of the randomnumber Rc to generate a high SEED value Rc_L XOR Rs_H and a low SEEDvalue Rc_H XOR Rs_L; and encrypting the generated SEED values by asecret key. Also, according to another embodiment, the session key K′ isgenerated by classifying the random number Rs obtained by decrypting theencrypted E(Rs) received from the financial system and the random numberRc generated by the IC card into high and low regions; XOR-operating ahigh region Rs_H and a low region Rs_L of the random number Rs and ahigh region Rc_H and a low region Rc_L of the random number Rc togenerate a high SEED value Rs_L XOR Rc_H and a low SEED value Rs_H XORRc_L; and encrypting the generated SEED values by a secret key. Herein,it is preferable that the secret key is a master key stored separatelyon the IC card.

Also, according to an embodiment, the card verifier MAC′ is generated byencrypting the random number Rs received from the financial systemthrough the generated session key K′. Also, according to anotherembodiment, the card verifier MAC′ is generated by encrypting the randomnumber Rc generated by the IC card through the generated session key K′.

Also, the memory unit 210 of the IC chip includes a security structurebased on the ISO/IEC 10202. Accordingly, the memory unit 210 includes: aprotected area for storing secret information such as a Chip SerialNumber (CSN); a COS control area; a user application area; a read/writeaccess area; an application program area; and a File Allocation Table(FAT) management area, and the card storage information and usercertificate information 215 for connection of an end-to-end securitychannel with the financial system on the communication network arestored in the area except the protected area and the COS control area.Also, according to the ISO/IEC 7816 and/or ISO/IEC 14443 standards, thememory unit 210 includes a file structure including: a Master File (MF)corresponding to a root file; an Answer To Reset (ART) includingfunction information about at least one storage information in the MFsubordinate; at least one Dedicate File (DF) corresponding to each ICCstorage information; and an Element File (EF) disposed at the DFsubordinate and including substantial information and/or data for asmart card service, and the user certificate information 215 or theserver certificate information 230 for connection of an end-to-endsecurity channel with the financial system on the communication networkalso includes such a file structure.

Also, it is preferable that the card storage information or the usercertificate information 215 or the server certificate information 230for connection of an end-to-end security channel with the financialsystem on the communication network includes: a dedicated file disposedat the master file subordinate and including characteristic informationor unique ID information about the card storage information or the usercertificate information 215 or the server certificate information 230;an element file disposed at the dedicated file subordinate and storingFile Control Information (FCI); and at least one element filecorresponding to the card information. Herein, the element file storingthe FCI is an element file that stores a data byte corresponding to aresponse to a SELECT FILE command transmitted through a card terminal tothe IC card by a program provided in the financial system. The elementfile includes: an FCP template transmitting a Basic Encoding Rules-Tag,Length, Value (BER-TLV) data object File Control Parameter (FCP) definedin TABLE 2 of the ISO/IEC 7816-4; and/or an FMD template transmitting aBER-TLV data object File Management Data (FMD) defined in TABLE 2 of theISO/IEC 7816-4; and/or an FCI template transmitting the FCP and the FMD,and the template is searched according to the options of the SELECT FILEcommand. In general, if the FCP or the FMD is determined, thecorresponding template is mandatory; and if the FCI option isdetermined, the use of the FCI template is optional.

Also, among the storage information provided in the IC card, the cardstorage information or the user certificate information 215 or theserver certificate information 230 is selected based on a fileidentifier, a path, or an EF identifier. The file identifier basedselection method uses a 2-byte identifier allocated to each file, whichselects the card storage information or the user certificate information215 or the server certificate information 230 on the basis of anidentifier allocated to a dedicated file of the card storage informationor the user certificate information 215 or the server certificateinformation 230. The path based selection method uses a “3FFF”identifier to select the card storage information or the usercertificate information 215 or the server certificate information 230.The EF identifier based selection method selects the card storageinformation or the user certificate information 215 or the servercertificate information 230 on the basis of a 5-bit (from ‘0 ’ to ‘30 ’)identifier allocated to each element file. In general, if the fileidentifier based selection method and the path based selection methodare used, the card storage information or the user certificateinformation 215 or the server certificate information 230 may beaccessed through the SELECT FILE command. If the file identifier basedselection method is not used, a dedicated file of the card storageinformation or the user certificate information 215 or the servercertificate information 230 may be omitted.

Also, the private key information (i.e., user private key information)stored in the storing unit provided in the server certificateinformation 230 or the user certificate information 215 for connectionof an end-to-end security channel with the financial system on thecommunication network on the memory unit 210 of the IC chip provided inthe IC card includes at least one information for receiving anddecrypting the E(Rs) transmitted by encrypting the random number Rsgenerated by the financial system on the communication network. It ispreferable that a file structure for the private key information accordswith the financial IC card standard. Also, it is preferable that theprivate key information (i.e., user private key information) includesinformation for receiving and decrypting the E(Rs) transmitted byencrypting the random number Rs generated by the financial system on thecommunication network.

Also, the public key information (i.e., server public key information)stored in the storing unit provided in the server certificateinformation 230 or the user certificate information 215 for connectionof an end-to-end security channel with the financial system on thecommunication network on the memory unit 210 of the IC chip provided inthe IC card includes at least one information for generating the E(Rs)by encrypting the random number Rc to be transmitted to the financialsystem. It is preferable that a file structure for the public keyinformation accords with the financial IC card standard. Also, it ispreferable that the public key information (i.e., server public keyinformation) includes information for generating the random number Rc tobe transmitted to the financial system and encrypting the random key Rcby the public key information to generate the E(Rc).

FIG. 3 is a flow diagram illustrating a card issuing process forconnection of an end-to-end channel with a financial system according toan embodiment of the present invention. That is, FIG. 3 illustrates acard issuing process in which, when a client writes a card issueapplication form through a face-to-face card issuing interface (e.g.,the card issue application form, a staff terminal, and a network means)in the card issuing system of FIG. 1 to present the same to a cardissuing staff, the card issuing staff input (selects) IC card issueapplication information corresponding to the card issue application formthough a card issue terminal to transmit the same to the card issuingserver, and the card issuing server issues an IC card for connection ofan end-to-end security channel with the financial system to the clienton the basis of the IC card issue application information. The presentinvention is not limited thereto and includes various modifications andadditions that can be made by those of ordinary skill in the art. Forexample, although FIG. 3 illustrates that IC card issue information isstored in the storage medium after the IC card is produced and provided(or sent) to the client, the IC card issue information may be stored inthe storage medium before or after the IC card is produced and provided(sent) to the client, depending on the intentions of those skilled inthe art. Hereinafter, for the sake of convenience, the card issueterminal of FIG. 1 will be referred to as a terminal and the cardissuing server will be referred to a server.

Referring to FIG. 3, for issue of the IC card for connection of anend-to-end security channel with the financial system, when the clientwrites a card issue application form (a document with a form for writingin at least one information field for connection of an end-to-endsecurity channel with the financial system) through a face-to-face cardissuing interface (e.g., the card issue application form, the staffterminal, and the network means) to present the same to a card issuingstaff, the terminal inputs (selects) IC card issue applicationinformation corresponding to the written card issue application formthrough a user interface by the card issuing staff (S300), and transmitsthe IC card issue application information to the server through thenetwork means (S305). Herein, the IC card issue application informationincludes at least one of client information of the card issue client andIC card information for certifying the IC card issued to the client isan IC card for connection of an end-to-end security channel with thefinancial system. As described above, it is preferable that the clientinformation includes at least one of personal information of the cardissue client (e.g., client name, resident registration number, address,wireless terminal information (or mobile phone number), and e-mailaddress) and member information of the client registered in the cardissuing server (e.g., member ID information). Also, as described above,it is preferable that the IC card information includes at least one ofauthorized certificate information, server certificate information, anduser certificate information provided in an IC card for connection of anend-to-end security channel with the financial system, and the IC cardinformation may further include use specification information of the ICcard.

Thereafter, the server receives the IC card issue applicationinformation from the terminal through the network means and reads thesame to verify the card issue validity of issuing the IC card forconnection of an end-to-end security channel with the financial systemto the client on the basis of the client information included in the ICcard issue application information (S310). It is preferable that thevalidity verification includes checking the real name of the client inconnection with a real name checking server (not illustrated) through acommunication means on the basis of the client name and the residentregistration number included in the client information. Herein, if theIC card includes a credit card, it is preferable that the validityverification includes checking the credit information of the client inconnection with a credit assessment server through a communication meanson the basis of the client information. Also, if the IC card includes acheck card/debit card, the validity verification includes checking theopening and normality of a client account associated with the checkcard/debit card in connection with a financial company server, in whichthe client account is opened, through a communication means on the basisof the client information.

If the validity of issuing the IC card to the client is not verifiedthrough the IC card issue application information (S315), the serverprovides card issue error information to the client through the cardissuing interface (S320) and stops issuing the IC card to the client. Onthe other hand, if the validity of issuing the IC card to the client isverified through the IC card issue application information (S315), theserver generates (or extracts) IC card storage information correspondingto the IC card to be issued to the client on the basis of the IC cardissue application information (S325). Herein, as described above, the ICcard storage information includes at least one of a card numbercorresponding to the IC card (e.g., a 16-digit card number), effectiveterm information (partially omittable), and card issuing institutioninformation (or code). For example, it is preferable that the cardnumber includes a 4-digit card issuing institution number, a 2-digitcard type number, a 9-digit serial number, and a check digit. Also, itis preferable that the effective term information includes the availableterm (or expiry date) of the IC card. The effective term information maybe omitted if there is no effective term in the IC card. Also, it ispreferable that the card issuing institution information (or code)includes at least one unique number (or unique code) assigned to a cardissuing institution (or financial company) issuing the IC card to theclient. Also, it is preferable that the generated IC card storageinformation includes a file structure operatable through a ChipOperating System (COS) provided in the IC chip.

Thereafter, the server produces an IC card having the IC card storageinformation through a card issuing device and provides (or sends) thegenerated IC card to the client (S330). Herein, as described above, itis preferable that the IC card issuing device includes a device thatrecords the IC card storage information in a memory of an IC chip of theIC card.

Thereafter, the server stores IC card issue information, which includesat least one of client information included in the IC card issueapplication information provided from the client through the cardissuing interface, the generated IC card storage information, and atleast one certificate information for connection of an end-to-endsecurity channel with the financial system (e.g., user certificateinformation 215 or server certificate information 230), in storagemedium (S335). Herein, the IC card information and the clientinformation included in the IC card issue information are the same asthose described above. Also, as described above, it is preferable thatthe storage medium is provided in a DBMS on a financial system providedon the financial system (or connected with the financial system). Thestorage medium may be a ledger D/B provided in a DBMS on the financialsystem and/or a database connected with the ledger D/B.

FIG. 4 is a flow diagram illustrating a card issuing process forconnection of an end-to-end channel with a financial system according toanother embodiment of the present invention. That is, FIG. 4 illustratesa card issuing process in which, when a client connects to the cardissuing server through a non-face-to-face card issuing interface (e.g.,a network means and a client terminal including at least one of a wiredterminal and a wireless terminal) in the card issuing system of FIG. 1to input (select) and transmit IC card issue application information,the card issuing staff input (selects) IC card issue applicationinformation corresponding to the card issue application form though acard issue terminal to transmit the same to the card issuing server, andthe card issuing server issues an IC card for connection of anend-to-end security channel with the financial system to the client onthe basis of the IC card issue application information. The presentinvention is not limited thereto and includes various modifications andadditions that can be made by those of ordinary skill in the art. Forexample, although FIG. 4 illustrates that IC card issue information isstored in the storage medium after the IC card is produced and provided(or sent) to the client, the IC card issue information may be stored inthe storage medium before or after the IC card is produced and provided(sent) to the client, depending on the intentions of those skilled inthe art. Hereinafter, for the sake of convenience, the card issueterminal of FIG. 1 will be referred to as a terminal and the cardissuing server will be referred to a server.

Referring to FIG. 4, the client accesses the server through theterminal, connects a communication channel for card issue application,and applies for the issue of the IC card for connection of an end-to-endsecurity channel with the financial system through the communicationchannel (S400). Then, the server generates (or selects) a user interfacefor the IC card issue and provides the same to the terminal through thecommunication channel (S405).

Thereafter, the terminal inputs (or selects) the IC card issueapplication information through the user interface and transmits theinput (or selected) IC card issue application information to the serverthrough the communication channel (S410). Herein, the IC card issueapplication information includes at least one of client information ofthe card issue client and IC card information for certifying the IC cardissued to the client is an IC card for connection of an end-to-endsecurity channel with the financial system. The client information andthe IC card information are the same as those described with referenceto FIG. 3.

Thereafter, the server receives the IC card issue applicationinformation from the terminal through the network means and reads thesame to verify the card issue validity of issuing the IC card forconnection of an end-to-end security channel with the financial systemto the client on the basis of the client information included in the ICcard issue application information (S415). Herein, the validityverification is the same as that described with reference to FIG. 3.

If the validity of issuing the IC card to the client is not verifiedthrough the IC card issue application information (S420), the serverprovides card issue error information to the client through the cardissuing interface (S425) and stops issuing the IC card to the client. Onthe other hand, if the validity of issuing the IC card to the client isverified through the IC card issue application information (S420), theserver generates (or extracts) IC card storage information correspondingto the IC card to be issued to the client on the basis of the IC cardissue application information (S430). Herein, the IC card storageinformation is the same as that described with reference to FIG. 3.

Thereafter, the server produces an IC card having the IC card storageinformation through a card issuing device and provides (or sends) thegenerated IC card to the client (S435). Herein, it is preferable thatthe IC card issuing device includes a device that records the IC cardstorage information in a memory of an IC chip of the IC card.

Thereafter, the server stores IC card issue information, which includesat least one of client information included in the IC card issueapplication information provided from the client through the cardissuing interface, the generated IC card storage information, and atleast one certificate information for connection of an end-to-endsecurity channel with the financial system (e.g., user certificateinformation 215 or server certificate information 230), in storagemedium (S440). Herein, the IC card information and the clientinformation included in the IC card issue information are the same asthose described above. Also, the storage medium is the same as thatdescribed with reference to FIG. 3.

FIG. 5 is a schematic block diagram of a banking system for operation ofan end-to-end security channel between an IC card 545 and a server on acommunication network according to an embodiment of the presentinvention. That is, FIG. 5 illustrates a schematic structure of thebanking system in which a client desiring to use a financial transactionservice accesses a server on the banking system through the IC card 545to connect a communication channel and then generates a security channelfor connection of an end-to-end security channel between the IC card 545and the server on the communication network. The present invention isnot limited thereto and includes various modifications and additionsthat can be made by those of ordinary skill in the art.

Referring to FIG. 5, the banking system for operation of an end-to-endsecurity channel between the IC card 545 and the server on thecommunication network includes at least one client terminal 540including at least one wired terminal and/or wireless terminal used by aclient, and the client terminal 540 has a communication channel with abanking server 500 of the banking system through a network means. Whenthe client request a connection to the banking server 500 through atleast one client terminal including a wired terminal connected to awired communication network and/or a wireless terminal connected to awireless communication network, the banking server 500 requests a PINinput through a terminal device 550 connected with the client terminal540. Upon completion of PIN certification in an IC card 545, the bankingserver 500 transmits/receives at least one information for operation ofan end-to-end security channel between the IC card 545 and the server onthe communication network to connect a security channel.

Also, the terminal device 550 connected with the client terminal 540 isa general term for all terminal devices 550 having a function forreading the IC card 545, and it is preferable that the client terminal540 includes any terminal having a function for reading the IC card 545.Also, the wired terminal connected to the wired communication networkand the wireless terminal connected to the wireless communicationnetwork are the same as those described with reference to FIG. 1.

Also, it is preferable that the banking server 500 connected with theclient terminal includes at least one of an Internet banking server, awireless banking server, a telebanking server, and a TV banking serveraccording to the characteristics of the client terminal and the networkmeans, or includes a separate web server for the informationregistration. Also, it is preferable that the network means connectingthe client terminal to the banking server 500 includes at least one of aCDMA based mobile communication network, an IEEE 802.16x based portableinternet, and a DataTAX/Mobitex based wireless data communicationnetwork according to the type of the wireless communication network towhich the client terminal is connected, or includes any type of wirelesscommunication network, which will be proposed in the future, including awireless interval. Also, it is preferable that the client terminal has afunctional configuration (e.g., a browser program and a communicationfunction, or a communication program and a communication functioncommunicating with the banking server 500) for outputting at least oneuser interface provided from the banking server 500, inputting and/orselecting at least one information through the user interface, andtransmitting the information to the banking server 500.

Also, the storage medium stores IC card (545) issue informationincluding client information about the IC card 545 issued through thecard issuing server, IC card (545) storage information, and at least onecertificate information. It is preferable that the client informationincluded in the IC card (545) issue information includes at least one ofpersonal information of the card issue client (e.g., client name,resident registration number, address, wireless terminal information (ormobile phone number), and e-mail address) and member information of theclient registered in the card issuing server (e.g., member IDinformation). Also, for connection of an end-to-end security channelbetween the IC card 545 and the financial system, it is preferable thatthe certificate information included in the IC card (545) issueinformation includes at least one of user certificate information andserver certification information. Herein, it is preferable that the usercertificate information includes public key information for encrypting arandom number Rs generated by the financial system for connection of anend-to-end security channel with the financial system. Also, it ispreferable that the server certificate information includes private keyinformation for decrypting the generated random number Rs aftergeneration of a random number Rc to be transmitted to the financialsystem for connection of an end-to-end security channel with thefinancial system. Also, certificate management information may befurther included to manage the certificate information including atleast one of the user certificate information and the server certificateinformation. According to an embodiment, the storage medium 535 isprovided in a DBMS on a financial system provided on the financialsystem (or connected with the banking system). Herein, the storagemedium 535 may be a ledger D/B provided in the DBMS on the financialsystem, and/or a database connected with the ledger D/B. According toanother embodiment, the storage medium 535 may be provided in a DBMS onat least one banking system including an Internet banking system, awireless banking system, or a TV banking system provided on (orconnected with) the banking system.

The banking server 500 is a general term for the components of thebanking system connected to the IC card 45 through a communicationnetwork including the client terminal 540 and the terminal device 550.The banking server 500 may include at least one server (or device), ormay be embodied in at least one program recorded in a recording mediumprovided in the server (or device). Also, the banking server 500includes: a random number generating unit 510 for generating a randomnumber Rs to be transmitted to the IC card 545 for operation of anend-to-end security channel between the IC card 545 and the server onthe communication network when a communication channel is connected withthe IC card 545; an encrypting unit 520 for encrypting the generatedrandom number Rs through a public key corresponding to the usercertificate information provided in the IC card 545, to generate anencrypted random number E(Rs); and an information transmitting unit 530for transmitting the generated E(Rs) to the IC card 545 through thecommunication network.

When a communication channel is connected with the IC card 545, therandom number generating unit 510 generates a random number Rs to betransmitted to the IC card 545 for operation of an end-to-end securitychannel between the IC card 545 and the server on the communicationnetwork, and provides the generated random number Rs to the encryptingunit 520.

Also, the encrypting unit 520 encrypts the generated random number Rsthrough a public key corresponding to the user certificate informationprovided in the IC card 545 to generate an encrypted random numberE(Rs), and provides the generated E(Rs) to the information transmittingunit 530.

Also, the information transmitting unit 530 transmits the generatedE(Rs) to the IC card 545 through the communication network. According toan embodiment, the generated E(Rs) is transmitted through the clientterminal 540 and the terminal device 550 having an IC card (545) readerfunction and connected with the client terminal 540. Also, according toanother embodiment, the generated E(Rs) is transmitted directly to theIC card 545 through the terminal device 550 having an IC card (545)reader function.

Also, the banking server 500 further includes: an information receivingunit 505 for receiving the E(Rc) and a card verifier MAC′ generated bythe IC card 545; a decrypting unit 525 for decrypting the received E(Rc)by a server private key to extract the random number Rc generated by theIC card 545; a session key processing unit 515 for generating a sessionkey K by using the random number Rc generated by the IC card 545 and therandom number Rs generated by the banking server 500; an encrypting unit520 for encrypting the generated random number Rs by the generatedsession key K to generate a server verifier MAC; and an informationtransmitting unit 530 for transmitting the generated server verifier MACto the IC card 545 through the communication network. Also, the bankingserver 500 further includes a session key processing unit 515 forcomparing the server verifier MAC generated by the encrypting unit 520with the card verifier MAC′ received from the IC card 545 to verify thesession key generated by the server.

The information receiving unit 505 receives the E(Rc) and a cardverifier MAC′ generated by the IC card 545, provides the received E(Rc)to the decrypting unit 525, and provides the received card verifier MAC′to the session key processing unit 515. According to an embodiment, theE(Rc) and the card verifier MAC′ are received from the IC card 545through the client terminal 540 and the terminal device 550 having an ICcard (545) reader function and connected with the client terminal 540.According to another embodiment, the E(Rc) and the card verifier MAC′are received directly from the IC card 545 through the terminal device550 having an IC card (545) reader function.

Also, the decrypting unit 525 decrypts the received E(Rc) by a serverprivate key to extract the random number Rc generated by the IC card545, and provides the extracted random number Rc to the session keyprocessing unit 515.

Also, the session key processing unit 515 generates a session key K byusing the random number Rc generated by the IC card 545 and the randomnumber Rs generated by the banking server 500. Also, the session keyprocessing unit 515 has a function for comparing the server verifier MACgenerated by the encrypting unit 520 with the card verifier MAC′received from the IC card 545 to verify the session key generated by theserver. In an embodiment, the session key K is generated by classifyingthe random number Rs generated by the banking server 500 and the randomnumber Rc generated by the IC card 545 into high and low regions;Exclusive OR (XOR)-operating a high region Rs_H and a low region Rs_L ofthe random number Rs and a high region Rc_H and a low region Rc_L of therandom number Rc to generate a high SEED value Rc_L XOR Rs_H and a lowSEED value Rc_H XOR Rs_L; and encrypting the generated SEED values by asecret key. In another embodiment, the session key K is generated byclassifying the random number Rs generated by the banking server 500 andthe random number Rc generated by the IC card 545 into high and lowregions; XOR-operating a high region Rs_H and a low region Rs_L of therandom number Rs and a high region Rc_H and a low region Rc_L of therandom number Rc to generate a high SEED value Rs_L XOR Rc_H and a lowSEED value Rs_H XOR Rc_L; and encrypting the generated SEED values by asecret key.

Also, the encrypting unit 520 encrypts the generated random number Rs ofthe banking server 500 by the generated session key K to generate aserver verifier MAC, and provides the generated server verifier MAC tothe information transmitting unit 530.

Also, the information transmitting unit 530 transmits the generatedserver verifier MAC to the IC card 545 through the communicationnetwork. According to an embodiment, the generated server verifier MACis transmitted through the client terminal 540 and the terminal device550 having an IC card (545) reader function and connected with theclient terminal 540. Also, according to another embodiment, thegenerated server verifier MAC is transmitted directly to the IC card 545through the terminal device 550 having an IC card (545) reader function.

Also, the banking server 500 includes: an information receiving unit 505for receiving encrypted data E(Data′) from the IC card 545; a decryptingunit 525 for decrypting the received encrypted data E(Data′) by thegenerated session key K; an encrypting unit 520 for encrypting, if thereis Data to be transmitted to the IC card 545 through the communicationnetwork, the Data by the session key K to generate encrypted dataE(Data); and an information transmitting unit 530 for transmitting thegenerated E(Data) to the IC card 545 through the communication network.

The information receiving unit 505 receives encrypted data E(Data′) fromthe IC card 545, and provides the received encrypted data E(Data′) tothe decrypting unit 525. According to an embodiment, the encrypted dataE(Data′) are received from the IC card 545 through the client terminal540 and the terminal device 550 having an IC card (545) reader functionand connected with the client terminal 540. According to anotherembodiment, the encrypted data E(Data′) are received directly from theIC card 545 through the terminal device 550 having an IC card (545)reader function.

Also, the decrypting unit 525 decrypts the received encrypted dataE(Data′) by the generated session key K, and it is preferable that thedecrypted data Data′ provide a financial transaction servicecorresponding to the data. Herein, a method of decrypting the encrypteddata E(Data′) by a session key K′ in the IC card 545 includes all thewell-known methods.

Also, if there is Data to be transmitted to the IC card 545 through thecommunication network, the encrypting unit 520 encrypts the Data by thesession key K to generate encrypted data E(Data), and provides thegenerated encrypted data E(Data) to the information transmitting unit530. Herein, a method of encrypting the Data by the session key Kincludes all the well-known methods.

Also, the information transmitting unit 530 transmits the generatedE(Data) to the IC card 545 through the communication network. Accordingto an embodiment, the generated E(Data) are transmitted to the IC card545 through the client terminal 540 and the terminal device 550 havingan IC card (545) reader function and connected with the client terminal540. Also, according to another embodiment, the generated E(Data) aretransmitted to the IC card 545 through the terminal device 550 having anIC card (545) reader function.

FIG. 6 is a flow diagram illustrating an operation of a banking systemfor operation of an end-to-end security channel between an IC card 545and a server on a communication network according to an embodiment ofthe present invention. That is, FIG. 6 illustrates an operation of thebanking system in which a client desiring to use a financial transactionservice accesses a server on the banking system through the IC card 545to connect a communication channel and then generates a security channelfor connection of an end-to-end security channel between the IC card 545and the server on the communication network. The present invention isnot limited thereto and includes various modifications and additionsthat can be made by those of ordinary skill in the art. Hereinafter, forthe sake of convenience, the IC card 545 of FIG. 5 will be referred toas a card and the banking server 500 of FIG. 5 will be referred to aserver.

Referring to FIG. 6, when a communication channel is connected with theIC card 545, the server 500 generates a random number Rs to betransmitted to the IC card 545 for operation of an end-to-end securitychannel between the IC card 545 and the server on the communicationnetwork, generates an E(Rs) by encrypting the generated random number Rsby a public key corresponding to user certificate information providedin the IC card 545 (S600), and transmits the generated E(Rs) to the card(S605).

Thereafter, the terminal extracts a random number Rs by decrypting thereceived E(Rs) by a user private key (S610), and generates a session keyK′ by using the random number Rs and a random number Rc (S615).According to an embodiment, the session key K′ is generated byclassifying the random number Rs obtained by decrypting the encryptedE(Rs) received from the financial system and the random number Rcgenerated by the IC card 545 into high and low regions; Exclusive OR(XOR)-operating a high region Rs_H and a low region Rs_L of the randomnumber Rs and a high region Rc_H and a low region Rc_L of the randomnumber Rc to generate a high SEED value Rc_L XOR Rs_H and a low SEEDvalue Rc_H XOR Rs_L; and encrypting the generated SEED values by asecret key. Also, according to another embodiment, the session key K′ isgenerated by classifying the random number Rs obtained by decrypting theencrypted E(Rs) received from the financial system and the random numberRc generated by the IC card 545 into high and low regions; XOR-operatinga high region Rs_H and a low region Rs_L of the random number Rs and ahigh region Rc_H and a low region Rc_L of the random number Rc togenerate a high SEED value Rs_L XOR Rc_H and a low SEED value Rs_H XORRc_L; and encrypting the generated SEED values by a secret key.

Thereafter, the card generates a card verifier MAC′ by encrypting therandom number Rs by the generated session key K′ (S620), and transmitsthe generated card verifier MAC′ and the random number Rc to the server(S625). Herein, it is preferable that the card verifier MAC′ isgenerated by encrypting the random number Rs received from the financialsystem by the generated session key K′.

Thereafter, the server generates a session key K by using the randomnumber Rc and the random number Rs (S630). According to an embodiment,the session key K is generated by classifying the random number Rsgenerated by the banking server 500 and the random number Rc generatedby the IC card 545 into high and low regions; Exclusive OR(XOR)-operating a high region Rs_H and a low region Rs_L of the randomnumber Rs and a high region Rc_H and a low region Rc_L of the randomnumber Rc to generate a high SEED value Rc_L XOR Rs_H and a low SEEDvalue Rc_H XOR Rs_L; and encrypting the generated SEED values by asecret key. Also, according to another embodiment, the session key K isgenerated by classifying the random number Rs generated by the bankingserver 500 and the random number Rc generated by the IC card 545 intohigh and low regions; XOR-operating a high region Rs_H and a low regionRs_L of the random number Rs and a high region Rc_H and a low regionRc_L of the random number Rc to generate a high SEED value Rs_L XOR Rc_Hand a low SEED value Rs_H XOR Rc_L; and encrypting the generated SEEDvalues by a secret key.

Thereafter, the server generates a server verifier MAC by encrypting therandom number Rs by the generated session key K (S635),compares/verifies the generated server verifier MAC and the receivedcard verifier MAC′ (S640), generates a server verifier MAC by encryptingthe random number Rc by the generated session key K (S645), andtransmits the generated server verifier MAC to the card (S650). Herein,if the card verifier is different from the server verifier, the securitychannel may be disconnected or a financial transaction channel may bereset.

Thereafter, the card compares/verifies the server verifier MAC and thecard verifier MAC′ (S655).

FIG. 7 is a flow diagram illustrating an operation of a banking systemfor operation of an end-to-end security channel between an IC card 545and a server on a communication network according to another embodimentof the present invention. The banking system operation of FIG. 7 isidentical to the banking system operation of FIG. 6 with the exceptionthat the banking system operation of FIG. 7 further includes averification process using a server public key and a server private key.That is, the banking system operation of FIG. 7 further includes aprocess in which when the IC card encrypts a generated random number Rcby the server public key and transmits the same to the server, theserver decrypts the same by the server private key, thereby securing theverification. The present invention is not limited thereto and includesvarious modifications and additions that can be made by those ofordinary skill in the art. Hereinafter, for the sake of convenience, theIC card 545 of FIG. 5 will be referred to as a card and the bankingserver 500 of FIG. 5 will be referred to a server.

Referring to FIG. 7, when a communication channel is connected with theIC card 545, the server 500 generates a random number Rs to betransmitted to the IC card 545 for operation of an end-to-end securitychannel between the IC card 545 and the server on the communicationnetwork, generates an E(Rs) by encrypting the generated random number Rsby a public key corresponding to user certificate information providedin the IC card 545 (S700), and transmits the generated E(Rs) to the card(S705).

Thereafter, the terminal extracts a random number Rs by decrypting thereceived E(Rs) by a user private key (S710), and generates a session keyK′ by using the random number Rs and a random number Rc (S715). Herein,a method of generating the session key K′ is the same as that describedwith reference to FIG. 6.

Thereafter, the card generates an E(Rc) by encrypting the generatedrandom number Rc by a server public key (S720), generates a cardverifier MAC′ by encrypting the random number Rs by the generatedsession key K′ (S725), and transmits the generated card verifier MAC′and the encrypted E(Rc) to the server (S730). Herein, it is preferablethat the card verifier MAC′ is generated by encrypting the random numberRs received from the financial system by the generated session key K′,as described with reference to FIG. 6.

Thereafter, the server extracts a random number Rc by decrypting thereceived E(Rc) by a server private key (S735), generates a session key Kby using the random number Rc and the random number Rs (S740). Herein, amethod of generating the session key K is the same as that describedwith reference to FIG. 6.

Thereafter, the server generates a server verifier MAC by encrypting therandom number Rs by the generated session key K (S745),compares/verifies the generated server verifier MAC and the receivedcard verifier MAC′ (S750), generates a server verifier MAC by encryptingthe random number Rc by the generated session key K (S755), andtransmits the generated server verifier MAC to the card (S760). Herein,if the card verifier is different from the server verifier, the securitychannel may be disconnected or a financial transaction channel may bereset.

Thereafter, the card compares/verifies the server verifier MAC and thecard verifier MAC′ (S765).

As described above, the present invention can provide a powerfulsecurity function by eliminating a hacking danger possibility inadvance. Although the present invention has been described withreference to the specific embodiments, it is not limited thereto.Therefore, it will be readily understood by those skilled in the artthat various modifications and changes can be made thereto withoutdeparting from the spirit and scope of the present invention defined bythe appended claims.

1. A method for connecting an end-to-end security channel between an ICcard and a server on a communication network, comprising the steps of;generating, by the server, a random number Rs for transmission to the ICcard, generating an E(Rs) by encrypting the random number Rs by a userpublic key, and transmitting the E(Rs) to the IC card through thecommunication network; receiving, by the IC card, the E(Rs) through thecommunication network and extracting the random number Rs by decryptingthe E(Rs) by a user private key; generating, by the IC card, a randomnumber Rc to be transmitted to the server, generating a session key K′by the random number Rs and the random number Rc, and generating a firstcard verifier MAC′ by encrypting the random number Rs by the session keyK′; transmitting, by the IC card, the random number Rc and the firstcard verifier MAC′ to the server through the communication network;receiving, by the server, the random number Rc and the first cardverifier MAC′ through the communication network, generating a sessionkey K by the random number Rs and the random number Rc, and generating afirst server verifier MAC by encrypting the random number Rs by thesession key K; and comparing, by the server, the first card verifierMAC′ and the first server verifier MAC to certify the session key K. 2.A method for connecting an end-to-end security channel between an ICcard and a server on a communication network, comprising the steps of;generating, by the server, a random number Rs for transmission to the ICcard, generating an E(Rs) by encrypting the random number Rs by a userpublic key, and transmitting the E(Rs) to the IC card through thecommunication network; receiving, by the IC card, the E(Rs) through thecommunication network and extracting the random number Rs by decryptingthe E(Rs) by a user private key; generating, by the IC card, a randomnumber Rc to be transmitted to the server, generating an E(Rc) byencrypting the random number Rc by a server public key, generating asession key K′ by the random number Rs and the random number Rc, andgenerating a first card verifier MAC′ by encrypting the random number Rsby the session key K′; transmitting, by the IC card, the E(Rc) and thefirst card verifier MAC′ to the server through the communicationnetwork; receiving, by the server, the E(Rc) and the first card verifierMAC′ through the communication network, extracting the random number Rcby decrypting the received E(Rc) by a server private key, generating asession key K by the random number Rs and the random number Rc, andgenerating a first server verifier MAC by encrypting the random numberRs by the session key K; and comparing, by the server, the first cardverifier MAC′ and the first server verifier MAC to certify the sessionkey K.
 3. The method of claim 1 or 2, further comprising the steps of:encrypting, by the server, the random number Rc by the session key K togenerate a second server verifier MAC; transmitting, by the server, thesecond server verifier MAC to the IC card through the communicationnetwork; receiving, by the IC card, the second server verifier MAC andencrypting the random number Rc by the session key K′ to generate asecond card verifier MAC′; comparing, by the IC card, the second cardverifier MAC′ and the second server verifier MAC to certify the sessionkey K′; and if the session key K′ is certified, processing that anend-to-end security channel is connected between the IC card and theserver.
 4. The method of claim 1 or 2, further comprising the steps of:generating, by the IC card, Data′ to be transmitted to the serverthrough the communication network; encrypting, by the IC card, thegenerated Data′ by the session key K′ to generate E(Data′); andtransmitting, by the IC card, the generated E(Data′) to the serverthrough the communication network.
 5. The method of claim 4, furthercomprising the step of receiving, by the IC card, information input by aterminal with an IC card reader.
 6. The method of claim 4, furthercomprising the steps of: receiving, by the server, the E(Data′) from theIC card through the communication network; and decrypting, by theserver, the received E(Data′) by the session key K to extract the Data′.7. The method of claim 1 or 2, further comprising the steps of: if thereis Data to be transmitted to the IC card, encrypting, by the server, theData by the session key K to generate E(Data); and transmitting, by theserver, the generated E(Data) to the IC card through the communicationnetwork.
 8. The method of claim 7, further comprising the steps of:receiving, by the IC card, the E(Data) through the communicationnetwork; and decrypting, by the IC card, the received E(Data) by thesession key K′ to extract the Data.
 9. The method of claim 8, furthercomprising the step of providing, by the IC card, the extracted Data toa terminal with an IC card reader.
 10. A system for connecting anend-to-end security channel between an IC card and a server on acommunication network, comprising: a server for generating a randomnumber Rs for transmission to the IC card, generating an E(Rs) byencrypting the random number Rs by a user public key, and transmittingthe E(Rs) to the IC card through the communication network; and an ICcard for receiving the E(Rs) through the communication network,extracting the random number Rs by decrypting the E(Rs) by a userprivate key, generating a random number Rc to be transmitted to theserver, generating a session key K′=Rs∥Rc by the random number Rs andthe random number Rc, generating a first card verifier MAC′ byencrypting the random number Rs by the generated session key K′, andtransmitting the random number Rc and the first card verifier MAC′ tothe server through the communication network.
 11. A system forconnecting an end-to-end security channel between an IC card and aserver on a communication network, comprising: a server for generating arandom number Rs for transmission to the IC card, generating an E(Rs) byencrypting the random number Rs by a user public key, and transmittingthe E(Rs) to the IC card through the communication network; and an ICcard for receiving the E(Rs) through the communication network,extracting the random number Rs by decrypting the E(Rs) by a userprivate key, generating a random number Rc to be transmitted to theserver, generating an E (Rc) by encrypting the random number Rs by aserver public key, generating a session key K′=Rs∥Rc by the randomnumber Rs and the random number Rc, generating a first card verifierMAC′ by encrypting the random number Rs by the generated session key K′,and transmitting the E(Rc) and the first card verifier MAC′ to theserver through the communication network.
 12. The system of claim 10 or11, further comprising a terminal having an IC card reader capable ofreading the IC card and providing a communication node between the ICcard and the server.
 13. The system of claim 10, wherein the serverreceives the random number Rc and the first card verifier MAC′ throughthe communication network, generates a session key K=Rs∥Rc by the randomnumber Rc and the first card verifier MAC′, generates a first cardverifier MAC by encrypting the random number Rs by the session key K,comparing the first card verifier MAC′ and the first card verifier MACto certify the session key K, generates, if the session key K′ iscertified, a second server verifier MAC by encrypting the random numberRc by the session key K, and transmits the generated second serververifier MAC to the IC card through the communication network.
 14. Thesystem of claim 11, wherein the server receives the E(Rc) and the firstcard verifier MAC′ through the communication network, extracts therandom number Rc by decrypting the E(Rc) by a user public key, generatesa session key K=Rs∥Rc b by the random number Rs and the random numberRc, generates a first card verifier MAC by encrypting the random numberRs by the session key K′, comparing the first card verifier MAC′ and thefirst card verifier MAC to certify the session key K′, generates, if thesession key K′ is certified, a second server verifier MAC by encryptingthe random number Rc by the session key K, and transmits the generatedsecond server verifier MAC to the IC card through the communicationnetwork.
 15. The system of claim 13 or 14, wherein the IC card receivesthe second server verifier MAC, generates a second server verifier MAC′by encrypting the random number Rc by the session key k′, compares thesecond server verifier MAC′ and the second server verifier MAC tocertify the session key K, and if the session key K is certified,processes that an end-to-end security channel is connected with theserver.
 16. The system of claim 10 or 11, wherein the IC card comprisesan IC chip having a memory for storing at least one of user certificateinformation with the user private key and server certificate informationwith the server public key.